With government financial aid at its highest ever known level and a reliance on communications to and from HMRC, sadly this well known ‘brand’ has become a prime target for scammers. Although for some time we have seen HMRC-branded tax scam campaigns throughout the year, peaking at different times in line with many of our key business events (for example around the Self-Assessment deadline in January), these have rapidly increased over the past couple of months.
Thankfully, HMRC does have a dedicated Customer Protection Team, which prevents scams by:
This effort by HMRC has meant that the organisation has dropped from the unwelcome ‘accolade’ of 14th to 146th ‘most-phished brand in the world’ over the past three years. However, in recent weeks HMRC has detected more than 70 Covid-related financial scams to date, most by text message and some by email and has asked Internet Service Providers to take down more than 500 web pages associated with these Covid-related scam campaigns - just proving how real this threat is to us all!
In addition to their ongoing work to warn customers about scams, HMRC are running a radio ad campaign, during May, to alert people to an increased threat of scams. They are also supporting the radio ads with social media posts, including on Twitter, Facebook and LinkedIn as well as working closely with the Home Office, National Cyber Security Centre and other government departments, helping to coordinate efforts to combat scams.
There is a lot that we can do to all help ensure our families, friends, colleagues, clients and business associates don’t fall victim to these scams by spreading the word and supporting various social media campaigns, for example those below:
However, it isn’t just the HMRC that are being targeted. There are many different types of scam emails that you may get sent from all sorts of different providers. Most scammers are trying to use social engineering to attack you, so watch out for emails:
If you aren’t sure then contact the sender. But remember, don't use the numbers/emails/links in the email as these may be false, but visit the official website instead. Don’t be tempted to reply to the email, this just confirms to the sender that they have managed to access a real person. Finally, once you have decided that an email is a scam, report it and then delete it!
If the worst happens and you realise that you have clicked on a link or entered your details into a website, what should you do?